The Same Russians Who Hacked Clinton Are Targeting Biden

Uploaded on 2020-10-12 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

Microsoft says that the same group of cyber criminals from Russia that attempted to interfere in the 2016 US election are trying to break into email accounts belonging to staff members from across the political spectrum.

Other hackers from China and Iran are also attempting to spy on the presidential campaigns of Donald Trump and Joe Biden, according to Microsoft. 

The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently warned that foreign groups and other malicious actors online are spreading disinformation around potential cyber attacks on US election infrastructure.  “During the 2020 election season, foreign actors and cyber criminals are spreading false and inconsistent information through various online platforms in an attempt to manipulate public opinion, discredit the electoral process, and undermine confidence in US democratic institutions,” the agencies wrote 

Officials with the Department of Homeland Security and US intelligence have been saying for years that Russia and other nations will try to use hacking and disinformation to undermine the 2020 contest. This would be similar to the last presidential race, when they leaked reams of embarrassing information about Democratic nominee Hillary Clinton in an effort to help Donald Trump.  Then the agencies warned that US voter information is widely available through other avenues than illegal hacking, and that access to voter information had not impacted election results. 

Hackers targeted staff at Washington DC firm SKDKnickerbocker, a campaign strategy and communications firm working with Biden. ​Microsoft identified the suspected hacking group as the same set of spies blamed by the US government for breaking into the campaign of Democratic former presidential candidate Hillary Clinton and leaking the emails of her staff, two of the sources said. 

The group, which many researchers refer to as “Fancy Bear,” is controlled by the Russia’s military intelligence agency, according to reports from the US intelligence community released after the 2016 election. A person familiar with SKDK’s response to the attempts said the hackers failed to gain access to the firm’s networks. “They are well-defended, so there has been no breach,” the person said.

US intelligence agencies have raised alarms about possible efforts by foreign governments to interfere in the November presidential election.

Investigations by former special counsel Robert Mueller and the Senate intelligence committee both concluded that affiliates of the Russian government interfered in the 2016 presidential election to try to help Republican Donald Trump get elected. Mueller has warned that Russia was meddling in the current campaign. The Biden campaign said it was aware Microsoft said

One of the sources familiar with the incident told the Washington Post  that it was not clear whether Biden’s campaign was the target or whether the hackers were attempting to gain access to information about other SKDK clients. 

The attempts to infiltrate SKDK were recently flagged to the campaign firm by Microsoft, which identified hackers tied to the Russian government as the likely culprits, according to the three sources briefed on the matter. The attacks included phishing, a hacking method which seeks to trick users into disclosing passwords, as well as other efforts to infiltrate SKDK’s network, the three sources said.

Microsoft believes Fancy Bear is behind the attacks based on an analysis of the group’s hacking techniques and network infrastructure, one of the sources said.

The company, which has extraordinary visibility on digital threats via its widely used Windows operating system and cloud services has taken an increasingly active role in calling out state-backed cyber espionage. In 2018, the company launched its Defending Democracy initiative, aimed in part at safeguarding campaigns from hackers.

It is thought that Iran tried to hack into Gmail accounts used by President Trump’s reelection campaign staff  and that  China, has tried to hack staff for former vice president Joe Biden, Democratic presidential candidate.

These nation state-backed hacking campaigns are likely to be the just the beginning of a general election campaign that will be ripe for disruption by US adversaries.  The kinds of disinformation campaigns being pushed heavily by bots take a variety of forms, including false information about voting logistics like date, place, or fake voting requirements.

Reuters:       Washington Post:       NPR:      Sky:     The Hill:         TechRepublic

You Might Also Read:

US Electoral Infrastructure Is Wide Open To Hackers:

 

« Cambridge Analytica Did Not Influence The Brexit Referendum
Struggling With The Cyber Security Skills Shortage »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

iXsystems

iXsystems

iXsystems is a leader in Open-Source enterprise server and storage solutions including Backup & Recovery to protect critical data.

Swedish Civil Contingencies Agency (MSB)

Swedish Civil Contingencies Agency (MSB)

MSB's Information Assurance Department is responsible for supporting and coordinating work relating to Sweden's national societal information security.

Graphus

Graphus

Graphus provides a simple, powerful, automated solution that eliminates 99% of social engineering and spear phishing attacks against G Suite business Gmail users.

Infigo IS

Infigo IS

INFIGO IS specializes in information security consulting services. Our employees are leading information security experts in Croatia.

Ravelin Technology

Ravelin Technology

Ravelin prevents chargebacks, fraud, and account takeover. Machine learning and human insight combine for highly accurate fraud detection and prevention.

certSIGN

certSIGN

certSIGN develop innovative software for information security and information systems protection.

Granted Consultancy

Granted Consultancy

Granted Consultancy is a business consultancy that specialises in securing funding to support companies with the development and commercialisation of new and innovative products and technologies.

Orca Security

Orca Security

Orca Security delivers full stack visibility including prioritized alerts to vulnerabilities, compromises, misconfigurations, and more across your entire inventory on all your cloud accounts.

Caveonix

Caveonix

Caveonix’s RiskForesight TM solution is an automated, proactive risk and compliance platform designed for hybrid and multi-cloud.

Passbase

Passbase

Passbase is building a full-stack identity verification engine backed by verified government documents.

Switchfast Technologies

Switchfast Technologies

Switchfast Technologies is an IT consulting and managed services provider, offering IT support and consulting to Chicagoland small businesses.

Jisc

Jisc

Jisc is a membership organisation working in partnership with the UK’s research and education communities to develop the digital technologies they need to teach, discover and thrive.

Grove Group

Grove Group

Grove provides businesses with the tools that work best for their unique operations, through cybersecurity and cloud services, custom software development and our big data analytics expertise.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

Advanced IT

Advanced IT

Reliable managed IT Security & support services that will help you take your business operations to the next level without breaking the bank!

InfoSight

InfoSight

InfoSight offers proven Cyber Security, Regulatory Compliance, Risk Management and Infrastructure Solutions to protect your business and your customers from cyber crime and fraud.